Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-21220
HistoryMar 08, 2022 - 12:00 a.m.

Tp-link Archer C2 OS Command Injection Vulnerability

2022-03-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
23

0.022 Low

EPSS

Percentile

89.5%

TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device’s HTTP parameter X_TP_ ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which can be exploited by remote attackers to run arbitrary commands on the router with root privileges.

0.022 Low

EPSS

Percentile

89.5%